WinRAR v3.80 - ZIP Filename Spoofing

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1  

+------------------------------------------------------------------------+
|                                 .......                                |
|                         ..''xxxxxxxxxxxxxxx'...                        |
|                    ..'xxxxxxxxxxxxxxxxxxxxxxxxxxx..                    |
|                 ..'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'.                 |
|               .'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'''.......'.               |
|             .'xxxxxxxxxxxxxxxxxxxxx''......        ...  ..             |
|            .xxxxxxxxxxxxxxxxxx'...         ........      .'.           |
|           'xxxxxxxxxxxxxxx'......                          '.          |
|          'xxxxxxxxxxxxxx'..'x..                            .x.         |
|         .xxxxxxxxxxxx'...'..                  ...           .'         |
|         'xxxxxxxxx'..  .                          ..        .x.        |
|         xxxxxxx'.                                  ..        x.        |
|         xxxx'.                ....                  x        x.        |
|         'x'.            ...'xxxxxxx'.               x       .x.        |
|         .x'.         .'xxxxxxxxxxxxxx.             ''       .'         |
|          .xx.      .'xxxxxxxxxxxxxxxx.           .'xx'''.  .'          |
|           .xx..    'xxxxxxxxxxxxxxxx'          .'xxxxxxxxx''.          |
|            .'xx'.  .'xxxxxxxxxxxxxxx.      ..'xxxxxxxxxxxx'            |
|              .xxx'.  .xxxxxxxxxxxx'.    .'xxxxxxxxxxxxxx'.             |
|                .xxxx'.'xxxxxxxxx'.      xxx'xxxxxxxxxx'.               |
|                  .'xxxxxxx'....          ...xxxxxxx'.                  |
|                     ..'xxxxx'..         ..xxxxx'..                     |
|                          ....'xx'.....''''...                          |
|                                                                        |
|                    CubilFelino Security Research Lab                   |
|                            proudly presents...                         |
+------------------------------------------------------------------------+

=======================================================

Security Advisory: WinRAR v3.80 - ZIP Filename Spoofing


Security Researcher Info:


Discovered by:        Christian Navarrete (chr1x) - México
Website URL:        http://chr1x.sectester.net
Contact E-mail:     chr1x_at_sectester.net
OpenPGP key id:     0x3765F4F8


OpenPGP fingerprint: 58AB CB8C DCF4 8B2E 40EF 11E8 4354 91DF 3765 F4F8

Vulnerability General Information:


Discovery date:       30/08/2009 (Good birthday gift! :)
Advisory URL:         http://advisory.sectester.net/chr1xpwnadv-winrar-zip-filename-spoofing.pdf
Vulnerability on Video:   http://www.youtube.com/user/sectester
PoC/Exploit Availability: http://chr1x.sectester.net/winrar380_PoC.zip

Software:         WinRAR
Version:            3.80
Security risk:        Low
Exploitable from:         Local
Vulnerability:        ZIP Filename spoofing
Release mode:         Coordinated disclosure.
Vendor:            http://www.rarlabs.com
Status:            Current version (WinRAR v3.80) not patched; next engine version (WinRAR v3.90) will be patched
CWE Weakness ID:   CWE-372: Incomplete Internal State Distinction (1.5)
CVE ID:            None provided
Disclosure Policy: http://www.wiretrip.net/rfp/policy.html

Product Description:



(Taken from Wikipedia)

WinRAR is a shareware file archiver and data compression utility developed by Eugene Roshal, and first released around 1995. It is one of the few applications that is able to create RAR archives natively, because the encoding method is held to be proprietary.

WinRAR supports the following features:

* Complete support for RAR and ZIP archives, and unpacking of ARJ, LZH, TAR, GZ, ACE, UUE, BZ2, JAR, ISO, EXE, 7z, and Z archives. Future versions of WinRAR are planned to include 7z creation.
* The ability to create self-extracting and multi-volume (split) archives.
* Data redundancy is provided via recovery records and recovery volumes, allowing reconstruction of damaged archives.
* Support for advanced NTFS file system options and Unicode in file names.
* Optional archive encryption using AES (Advanced Encryption Standard) with a 128-bit key.

I. Vulnerability Summary:


WinRAR v3.80 is prone to filename spoofing when opening a malformed .ZIP file.

II. Vulnerability Description:



ZIP filename spoofing is possible due to a mismatch between the file name shown in the file list of the WinRAR GUI shell and the name of the extracted file. A realistic exploitation scenario is the following: when a user opens the malformed archive with WinRAR v3.80, the file list shows one filename (example: imagefile.gif), but when the files are extracted, the extracted file can be a different one, not the original imagefile.gif. There are two pieces of code that look for the start of the ZIP central directory: one in the extraction routine and another in the file list browsing code. They use slightly different approaches, so one finds the first filename record and the other finds the record for the "hidden" file. They must be exactly the same and both find the same file names.

The ZIP format contains two copies of each file name, one in the local file header and another in the central directory, for redundancy purposes. If the file names mismatch, that must not be a reason to abort extraction, because it would defeat the entire purpose of having two copies of the file name. It is up to the unzip implementation to choose a name, but typically, if it cannot detect which of the records is more valid, the central directory record takes precedence over the local file header, because it contains more information about the file.
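A defender-side check for the mismatch described above, as an added example that is not taken from the advisory or from WinRAR's code: it locates the central directory once, follows each entry's local file header offset, and reports every entry whose two name copies differ, so the record shown in a listing and the record used for extraction are always the same one. The sample archive is constructed inline with Python's zipfile module and its local-header name copy is overwritten to reproduce the mismatch; the function names are my own.

```python
import io
import struct
import zipfile

EOCD_SIG, CDH_SIG, LFH_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"


def filename_mismatches(data: bytes) -> list:
    """Return (central_dir_name, local_header_name) pairs that disagree.

    Walks the central directory once and follows each entry's recorded
    local-header offset, so listing and extraction use the same records.
    """
    eocd = data.rfind(EOCD_SIG)  # EOCD record sits at the end of the file
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    entries, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    mismatches = []
    for _ in range(entries):
        if data[pos:pos + 4] != CDH_SIG:
            raise ValueError("bad central directory header at offset %d" % pos)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        lfh_off = struct.unpack_from("<I", data, pos + 42)[0]
        central_name = data[pos + 46:pos + 46 + name_len]
        if data[lfh_off:lfh_off + 4] != LFH_SIG:
            raise ValueError("bad local file header at offset %d" % lfh_off)
        local_len = struct.unpack_from("<H", data, lfh_off + 26)[0]
        local_name = data[lfh_off + 30:lfh_off + 30 + local_len]
        if central_name != local_name:
            mismatches.append((central_name.decode("utf-8", "replace"),
                               local_name.decode("utf-8", "replace")))
        pos += 46 + name_len + extra_len + comment_len
    return mismatches


def build_sample(tamper: bool = True) -> bytes:
    """Constructed test input: a valid one-entry zip; with tamper=True the
    local file header's copy of the name is replaced by a same-length name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("imagefile.gif", b"GIF89a constructed sample bytes")
    data = bytearray(buf.getvalue())
    if tamper:
        # First local header is at offset 0; its name field begins at byte 30.
        assert data[30:43] == b"imagefile.gif"
        data[30:43] = b"fake_file.exe"  # same length keeps every offset valid
    return bytes(data)
```

An archiver that lists from one copy and extracts from the other would show the first name and write the second; flagging any disagreement before extraction removes that ambiguity.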

III. Potential Attack Vector:



An attacker can use this vulnerability to hide malware and perform social engineering attacks in order to carry out a successful targeted attack against Internet users.

IV. Risk Assessment:


Likelihood of exploitation: Low
* Since the user has to interact a little with the archive, attack vectors exist, but they depend on the context and on many other things in order to succeed.

Impact: Low
* If a user receives such an archive (regardless of how) and opens it, he/she sees a filename that is not the one that will actually be extracted.

Overall risk: Low

V. Researcher & Vendor Communication for Disclosure timeline
